MobileRead Forums
Register Guidelines E-Books Today's Posts Search

Go Back   MobileRead Forums > E-Book General > News
Reload this Page Manipulated PDF exploits Adobe Acrobat flaws

Notices

Reply
 
Thread Tools Search this Thread
Old 09-16-2006, 05:23 AM   #1
Alexander Turcic
Fully Converged
Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.
 
Alexander Turcic's Avatar
 
Posts: 18,163
Karma: 14021202
Join Date: Oct 2002
Location: Switzerland
Device: Too many to count here.
Manipulated PDF exploits Adobe Acrobat flaws
Security specialist David Kierznowski published an article revealing two possible backdoor techniques for fully patched versions of Adobe Acrobat Reader and Professional. It includes everything a wannabe hacker needs to know to exploit your computer: proof of concept code and backdoored PDF documents.

Quote:
The first attack is simple and affects both Adobe Reader and Adobe Professional. It involves adding a malicious link into the PDF document. Once the document is opened, the user's browser is automatically launched and the link is accessed. At this point it is obvious that any malicious code be launched. It is interesting to note that both Adobe 6 & 7 did not warn me before launching these URLs.

The second attack involves utilising Adobe's ADBC (Adobe Database Connectivity) and Web Services support.
At least as a temporarily solution you may want to switch to one of the alternative PDF Readers out there, which are, from what I've heard, not exploitable this way.

Related: Adobe Acrobat subject to remote exploit

[via Full Disclosure Mailing List]
Alexander Turcic is offline   Reply With Quote
Old 09-16-2006, 01:44 PM   #2
arivero
Guru
arivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it is
 
arivero's Avatar
 
Posts: 607
Karma: 2157
Join Date: Oct 2005
Device: NCR3125, Nokia 770,...
But it is not true, isnt it? I mean, we took some time with this and both in acrobat reader and xdef we were asked before to launch a link.

Wait... that was for EXEC launchs. So Acrobat HTML launchs do not ask? Yep, indeed they do not.
arivero is offline   Reply With Quote
Advert
Reply

« Previous Thread | Next Thread »

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Adobe acrobat PDF file names psionx Sony Reader 6 10-10-2009 08:02 PM
pdf and adobe acrobat reader? superstitious PDF 2 09-11-2009 07:56 PM
Created A Document with Adobe Acrobat, DRMed? ooo PDF 10 04-12-2009 03:26 PM
Adobe reader 9 VS. Acrobat 7 Icarusbop Reading and Management 2 03-08-2009 08:16 PM
Adobe Acrobat goes online, Reader gets a boost Alexander Turcic News 9 06-04-2008 05:52 AM


All times are GMT -4. The time now is 09:13 AM.

Contact Us - FAQ - Guidelines - Privacy - Top

MobileRead.com is a privately owned, operated and funded community.